Outgoing user mail throughput limitations

xxfogs · May 12, 2024, 1:42pm

Is it planned to implement officially supported outgoing user mail throughput limitations?

I find that such a feature would be quite useful as loss of passwords is quite common among regular users which in the worst case is going to lead to spam mail being sent out through my server.

It would be great if there was a way to limit outgoing mail to, e.g. 100 mail/hour in a way that wouldn’t interfere with other MIAB systems.

I have previously tried using policyd to achieve similar functionality, however that required modifications to postfix configuration which ended up breaking upgrade system and prevented incoming mail from arriving.

stylnchris · May 12, 2024, 2:10pm

I am not aware of anything in the pipeline for this at the moment.

You can see the various pull requests here:
https://github.com/mail-in-a-box/mailinabox/pulls?q=is%3Apr+is%3Aopen

This however doesn’t mean that it will be merged into the project. Generally speaking Josh (the project creator) tries “to accept changes that are in-scope, complete, simple to review, and don’t make running this project harder.”

xxfogs · May 12, 2024, 3:02pm

That’s quite a shame, would have expected there to be something like that planned. Maybe you have suggestions for achieving similar functionality?

vele · May 12, 2024, 3:37pm

MIAB does not break main.cf on update

Just insert in
sudo nano /etc/postfix/main.cf

smtpd_client_message_rate_limit = 100
anvil_rate_time_unit = 86400s

This limit only refers to a client from a particular IP address. But it is a good start for protecting against abuse. There are other more complicated limits…

Read here if https://www.postfix.org/postconf.5.html#smtpd_client_message_rate_limit

And confirm that this is correctly what you want to achieve.
100 client message requests per day

xxfogs · May 12, 2024, 3:43pm

Better than nothing, but quite suboptimal… still thanks! Wouldn’t the correct anvil_rate_time_unit property in this case be 3600s though?

vele · May 12, 2024, 3:53pm

I thought you seek 100 per 24 hours. 86400 Be ware this limits clients from an IP such as Thunderbird… It will not limit a Roundcube webmail session.

For more fine grained limits use mtpolicyd - Getting started with mtpolicyd

xxfogs · May 12, 2024, 4:37pm

My bad. I mistyped in the original question.

As for the mtpolicyd, I can’t seem to find tutorials for rate limiting with it

stylnchris · May 13, 2024, 12:15am

Also consider clients that are Mobile (Smart Phones, iPads w/ Cellular) etc…

JoshData · May 13, 2024, 11:22am

Comments like this are disparaging to the project. Don’t do that.

xxfogs · May 13, 2024, 4:25pm

Any other ideas in that case? It would be the best if I could apply it on a by-user basis regardless of the client.

policyd was theoretically able to do that, but I have bad experience with it as described above.

xxfogs · May 13, 2024, 4:26pm

Sorry. Didn’t mean it to sound like that.

vele · May 13, 2024, 7:02pm

Read the part about postfwd. It seems painful.

vele · May 15, 2024, 2:22pm

@Alento as far as I know is an owner of a website where he sells email delivery services where rate limits are applied. Maybe you can ask him how he implemented this on per-user basis.

xxfogs · May 15, 2024, 4:00pm

Thanks for this all @vele, I will write to Alento and experiment

system · July 12, 2024, 1:43pm

This topic was automatically closed after 61 days. New replies are no longer allowed.